"I prefer KeePass because it's free, open source, integrated with Windows User Account Control, and it is not a browser plug-in," said Jason Fossen, an instructor at Bethesda, MD-based SANS Institute. "It's not ideal for security to take many of your most important secrets — your passwords and credit card numbers — and incorporate them into the one application most likely to become infected with malware — the browser."
KeePass is a separate utility, not a browser plug-in, he said.
"KeePass also supports PowerShell scripting for custom solutions," he added.
This is a minimalist option for those willing to give up convenience and functionality for extra security.
Another password management system that allows credential sharing is 1Password.
One user is Steve Hultquist, chief evangelist at Sunnyvale, Cal.-based RedSeal, Inc.
"I strongly recommend password generation applications that provide a secure vault for all your passwords," he said. "They allow you to automatically generate completely random strings of characters and to use unique passwords for every site, while the application allows you to automatically fill in those passwords when you visit the sites on your computer, mobile device, and apps."
Like Dashlane and LastPass, 1Password supports all major browsers, auto-fills forms, and has apps for both iOS and Android devices.
Blur's unique feature is that it doesn't just generate a long, completely random password — it will also generate disposable email addresses for you that mask your real address.
Like the other commercial password managers, the basic version is free and the company makes money selling a premium version. With Blur, the $40 premium version also generates one-time credit card numbers with built-in spending limits to protect users against hidden charges or data breaches, and masked phone numbers for even more privacy.
"Everyone that uses the Internet should also use a password manager," said Abine CEO Rob Shavell. "Password managers are more convenient so you are guaranteed to save time each week and they help consumers be far more secure. Businesses both small and large need to start encouraging or mandating password manager use."
In addition to his own product, Blur, Shavell also recommends LastPass, 1Password and Dashlane, as well as PasswordBox, listed below.
"The top password managers now work well enough everywhere — on your browser and on your phone and on almost all web sites — that there is no longer any excuse not to use them, unless you want to be hacked," he said.
Recently acquired by Intel, the PasswordBox premium version is temporarily free for all customers.
Plus, the service plans to roll out something they call "True Key" functionality later on this year, which will replace the master password with biometrics such as facial recognition.
Sign up for CIO Asia eNewsletters.